Stack Overflow
Stack Overflow

Questions tagged [impersonation]

Impersonation is a process whereby an application assumes another identity or security context during execution.

1522 questions
23
votes
2 answers

Impersonate Domain User with Integrated Pipeline

In an local Intranet environment, are we doomed to use "Classic" pipeline mode in our App Pool if we want to use Impersonate our Windows domain users, or is there a new way to declaratively "run as" them (so-to-speak)? My goal is to use Windows…
Chiramisu
  • 4,687
  • 7
  • 47
  • 77
22
votes
5 answers

How to identify if a user is being impersonated in Symfony2?

In an application built with Symfony2 we want superadmins to be able to impersonate other users. This is easily done by giving the superadmin user the ROLE_ALLOWED_TO_SWITCH role. The switching is implemented with a call to "somewhere?_switch_user="…
Aleksander Krzywinski
  • 825
  • 7
  • 13
22
votes
2 answers

Auth0 impersonation deprecated.. What should I use instead?

On our website, administrators should be able to view the website as the user (client). I planned on using Auth0 for this, and just noticed their impersonation feature is deprecated. I could force some login flag in Redux to allow the admin to view…
Greg Miller
  • 1,064
  • 13
  • 22
20
votes
4 answers

Continuation Task in the same thread as previous

I have an WebService that creates a task and a continuation task. In the first task we set Thread.CurrentPrincipal Hence, When the ContinuationTask starts it no longer has the Thread.CurrentPrincipal. I'd like to specify in the ContinuationTask that…
Luis Filipe
  • 8,488
  • 7
  • 48
  • 76
19
votes
4 answers

Can I turn off impersonation just in a couple instances

I have an app that has impersonation used throughout. But when a user is logged in as an admin, a few operation require them to write to the server itself. Now if these users do not have rights on the actual server (some don't) it will not let…
naspinski
  • 34,020
  • 36
  • 111
  • 167
18
votes
5 answers

Application pool identity or Impersonation

(A question of similar vein has been asked before but both the question and the accepted answer do not provide the detail I am looking for) With the intention of running an asmx web service under a dedicated domain account what are the usage…
Pero P.
  • 25,813
  • 9
  • 61
  • 85
18
votes
1 answer

App pool identity versus impersonation identity?

I found only one thread relating to this but it did not answer the question. I'm curious to a link or explanation of the difference between setting an impersonation user via in the web.config versus setting the application pool identity in IIS.…
Ryan Peters
  • 7,608
  • 8
  • 41
  • 57
16
votes
0 answers

Implementing user impersonation in Rails API + React client

So, I found gems like pretender, user_impersonate2 and switch_user. They all seem to accomplish the similar goal - switching current_user for systems like Devise, for "monolith" Rails apps. I have a React client talking to a Rails app. The admin…
Oleksii Filonenko
  • 1,551
  • 1
  • 17
  • 27
15
votes
6 answers

How to Start/Stop a Windows Service from an ASP.NET app - Security issues

Here's my Windows/.NET security stack: A Windows Service running as LocalSystem on a Windows Server 2003 box. A .NET 3.5 Website running on the same box, under "default" production server IIS settings (so probably as NETWORKSERVICE user?) On my…
andy
  • 8,775
  • 13
  • 77
  • 122
15
votes
5 answers

Failed to start monitoring changes on global.asax .net 3.5 Web service using Impersonation

I am trying to use impersonation in a an asp.net 3.5 webservice. However whenever I try to run the service with Impersonation enabled (In web.config) I am receiving the following error in my Windows Event log: Exception message: Failed to start…
Fishcake
  • 10,496
  • 7
  • 44
  • 72
15
votes
3 answers

IdentityServer4 - How to Implement Impersonation

I have a requirement of allowing our internal support users to impersonate our customer users. I'm currently using IdentityServer4, Implicit Flow and OIDC Client. Resources found so far. [Question]IdentityServer4 user impersonation #853 Generate…
ttugates
  • 5,818
  • 3
  • 44
  • 54
15
votes
3 answers

What is Impersonation in ASP.NET?

Please explain impersonation for non-technical users.Then please explain it in the context of ASP.NET. Is Impersonation good or evil? Do we use it in the case of Forms-based Authentication?
amutha
  • 153
  • 1
  • 1
  • 4
14
votes
1 answer

Is it safe to set validateIntegratedModeConfiguration=false in order to continue using identity impersonate=true?

We have upgraded an ASP.NET web application from IIS6 to IIS7 integrated mode. Our application uses: and therefore we have had to set: Is this sensible? My…
Greg Tarr
  • 496
  • 3
  • 5
  • 19
14
votes
3 answers

ASP.NET refuses to respect my authority.

I've managed to impersonate a user successfully. Using the LogonUser Interop, e.g. [DllImport("advapi32.dll", SetLastError = true)] static extern bool LogonUser( string principal, string authority, string password, …
George Johnston
  • 31,652
  • 27
  • 127
  • 172
14
votes
2 answers

ASP.NET impersonates NT AUTHORITY\IUSR but impersonation is disabled. ASP.NET bug?

I have an ASP.NET 4.0 application running on Windows 7 / IIS 7.5 in the "ASP.NET v4.0 Classic" application pool, which is configured to run as Network Service. The application has an Application_EndRequest handler which connects to a local SQL…
Michael Liu
  • 52,147
  • 13
  • 117
  • 150
1
2
3
99 100